The Chesapeake Point of View

The GDPR. Yes – it matters.

June 11, 2018

The General Data Protection Regulation. You’ve seen Zuckerberg sweat about it in interviews, read stories about large fines and serious changes – but as a US-based hospitality business, what does the GDPR mean to you?

If you target market anywhere in the EU, then the GDPR could have significant consequences for your business. And pay attention, because the fines can go up to 4% of a company’s global revenue.

That said – the regulations are surprisingly common-sense. Data must be:

Processed lawfully, fairly and in a transparent manner

Collected for specified and legitimate purposes

Limited to what is necessary

Accurate and, where necessary, kept up to date

Kept for no longer than is necessary

Processed in a manner that ensures appropriate security

Long-form legalese consents are a thing of the past – people need to know what their data is being used for in language a lawyer does not need to decode, and then companies need to actually use it for that specific purpose. Throughout that period, companies need to maintain security, and then can’t hang on to troves of data that could be breached at a later date.

If you operate a property in Europe, or in any way capture or solicit personal data in the EU through targeted advertising, then you need to adopt the GDPR protocols as soon as possible. But even if you don’t, the GDPR does a good job at outlining what responsible data usage on the web ought to be.

So do you best to live up to the GDPR – ask your IT providers about their levels of compliance - if for no reason other than practicing ethical, responsible data management online is the right thing to do, and the GDPR is a great place to start.